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DETAILED ACTION 

The instant application having Application No. 10/598,875 is presented for 
examination by the examiner. Examiner acknowledges Applicant's election to claims 
25-31 and newly added claim 50. 

Priority 

Acknowledgment is made of applicant's claim for foreign priority under 35 U.S.C. 
1 19(a)-(d). The certified copy has been received. 

Specification 

The abstract of the disclosure is objected to because the references , non-patent 
document 1 and 2 can simply be incorporated by reference into the specification. There 
is no need for the use of reference linking as seen on page two of the written 
description. Correction is required. See MPEP § 608.01(b). 



Claim Rejections - 35 USC §112 

The following is a quotation of the second paragraph of 35 U.S.C. 112: 

The specification shall conclude with one or more claims particularly pointing out and distinctly 
claiming the subject matter which the applicant regards as his invention. 



Application/Control Number: 10/598,875 Page 3 

Art Unit: 2431 

Claims 28, 31, and 50 are rejected under 35 U.S.C. 112, second paragraph, as 
being indefinite for failing to particularly point out and distinctly claim the subject matter 
which applicant regards as the invention. 

As per claim 31 , the phrase "the first common user ID" renders the claim 
indefinite. Examiner cannot ascertain the antecedent basis for this term. It could refer 
back to a first common identifier or be something new. Appropriate correction is 
required. 

As per claim 28 and 50, the scope of the claim invention is indefinite because of 
the uncertainty of the phrase "a data size". Examiner cannot ascertain its meaning or 
whether there is more than one data size because two data sizes are recited. Similarly, 
"a number" is defined twice. 

As per claim 50, the scope of the claim is indefinite because the question is 
raised whether there is one rule or more than one rule. The claim says there is at least 
one rule, but lists four rules. How can there be as little as one rule yet four rules are 
listed? An argument can be made that there must be at least four rules or that it is 
possible that rule one contains four parts. Clarification is needed to properly define the 
metes and bounds of the claim. Specifically whether there is more than one rule or if 
one rule contains all four limitations as claimed. 



Claim Rejections - 35 USC § 102 
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The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that 
form the basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 122(b), by 
another filed in the United States before the invention by the applicant for patent or (2) a patent 
granted on an application for patent by another filed in the United States before the invention by the 
applicant for patent, except that an international application filed under the treaty defined in section 
351(a) shall have the effects for purposes of this subsection of an application filed in the United States 
only if the international application designated the United States and was published under Article 21(2) 
of such treaty in the English language. 

Claims 25, 27, and 29 are rejected under 35 U.S.C. 102(e) as being anticipated 
by USP Application Publication 2004/0210767 to Sinclair et al., hereinafter Sinclair. 

As per claim 25, Sinclair teaches a method for recording server authentication 
information, comprising: 

establishing, by a first server of a plurality of servers in a federated computing 
environment, a trusting relationship between the first server and a second server of the 
plurality of servers (0021 -0022); 

after said establishing the trusting relationship, obtaining by the first server an 
authentication policy [security policies] of the second server, wherein an authentication 
policy for each server of the plurality of servers is defined as at least one rule [password 
policy] of each server for authenticating users of the federated computing environment 
(0024-0025); and 
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after said obtaining the authentication policy of the second server, registering by 
the first server the authentication policy of the second server within the first server [data 
is replicated into the first server from the other servers, 0024]. 

As per claim 27, Sinclair teaches obtaining the authentication policy of the 
second server comprises accessing the authentication policy of the second server from 
a profile table prepared by an administrator of the second server (0032). Sinclair 
teaches both maintaining a table and a database (0025) which holds the policies 
acquired from the other servers. 

As per claim 29, Sinclair teaches registering the authentication policy of the 
second server comprises registering the authentication policy of the second server in an 
authentication policy table of the first server (0032), wherein the authentication policy 
table of the first server comprises an authentication policy of each server of the plurality 
of servers registered therein (0025). Sinclair teaches both maintaining a table and a 
database (0025) which holds the policies and password policies acquired from the other 
servers. The act of storing them at the first server constitutes registration. 



Claim Rejections - 35 USC § 103 



The following is a quotation of 35 U.S.C. 1 03(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 
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(a) A patent may not be obtained though the invention is not identically disclosed or described as 
set forth in section 1 02 of this title, if the differences between the subject matter sought to be 
patented and the prior art are such that the subject matter as a whole would have been obvious 
at the time the invention was made to a person having ordinary skill in the art to which said 
subject matter pertains. Patentability shall not be negatived by the manner in which the invention 
was made. 

Claim 26 is rejected under 35 U.S.C. 103(a) as being unpatentable over Sinclair 
in view of USP Application Publication 2001/0019614 to Madoukh. 

As per claim 26, Sinclair teaches that the servers must first trust one another 
before sharing policies and resources. Sinclair teaches that the two servers could 
perform mutual authentication (0022). Sinclair stops just short of teaching the use 
establishing the trusting relationship comprises exchanging, by the first server, an 
electronic certificate of the first server with an electronic certificate of the second server 
in accordance with a Public Key Infrastructure (PKI) method. Madoukh teaches 
establishing the trusting relationship comprises exchanging, by the first server, an 
electronic certificate of the first server with an electronic certificate of the second server 
in accordance with a Public Key Infrastructure (PKI) method (0039). This is one 
example of mutual authentication that is well known in the art. Substituting known 
methods in similar system while yielding predictable results is within the capabilities of 
one of ordinary skill. Therefore the claim is obvious in view of these two references 
because one of ordinary skill could have easily substituted a mutual authentication by 
public key certificate into Sinclair system with predictable results. 
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Claim 28 is rejected under 35 U.S.C. 103(a) as being unpatentable over Sinclair 
in view of USP Application Publication 2005/01 14673 to Raikar et al., hereinafter 
Raikar. 

As per claim 28, Sinclair teaches that password policies and parameters are 
maintained in a database (0025). However, Sinclair fails to elaborate that the 
parameters include a number of alphabetic characters of a user identification (ID), a 
number of numeric characters of the user ID, a data size for fingerprint authentication, a 
data size for voice print authentication, or combinations thereof. Raikar teaches using 
strong passwords which include a combination of a number of alphabetic characters of 
a user identification (ID), a number of numeric characters of the user ID (0037). 
Substituting known methods in similar system while yielding predictable results is within 
the capabilities of one of ordinary skill. Therefore the claim is obvious in view of these 
two references because one of ordinary skill could have easily substituted a 
combination of password parameters as taught by Raikar into Sinclair system with 
predictable results. Based on the interpretation of the claim stemming from its lack of 
definitiveness, Examiner finds the rule belonging to the each user ID references not the 
user ID itself but the password associated with the User ID. 

Claim 30 is rejected under 35 U.S.C. 103(a) as being unpatentable over Sinclair 
in view of USP Application Publication 2002/0091928 to Bouchard et al., hereinafter 
Bouchard. 
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As per claim 30, Sinclair teaches storing the known other trusted servers in a 
table. It is inherent that the address or location to those servers in maintained as well in 
order to communicate with them. Sinclair fails to teach a relative priority of each server 
of a group of servers having a same authentication policy in the authentication policy 
table. Bouchard teaches a system in which multiple servers can designate priority to 
other servers for authentication in order to balance the load of the system (0047). Load 
balancing in computer networks is well known in the art. Assigning priority to servers is 
also well known in the art. Combining known methods in the art and yielding 
predictable results in within the ordinary capabilities of one of ordinary skill in the art. 
Therefore the claim is obvious in view of the teachings in the two references. One of 
ordinary skill could have maintained a priority list to balance the load of the network. If 
all the servers are able to perform authentication, it is obvious that they can share in 
those duties so that one is not overwhelmed. 

Claim 31 is rejected under 35 U.S.C. 103(a) as being unpatentable over Sinclair 
in view of USP Application Publication 2004/0107212 to Friedrich et al., hereinafter 
Friedrich. 

As per claim 31 , Sinclair fails to explicitly teach the authentication policy of the 
second server is identical to an authentication policy of the first server, wherein a first 
common identifier (ID) exists in an authentication information Lightweight Directory 
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Access Protocol (LDAP) of the first server and in an authentication information LDAP of 
the second server, wherein the first common user ID is used by a first user in the first 
server and by a second user in the second server such that the second user differs from 
the first user, and wherein the method further comprises: after said registering the 
authentication policy of the second server, registering by the first server the first 
common user ID in a exceptional ID table of the first server, wherein the exceptional ID 
table of the first server stores common user IDs and an indication of one or more 
servers associated with each common user ID stored in the exceptional ID table of the 
first server. In Sinclair's system, multiple servers pool together their known 
authentication policies including those users belonging to each server. It is not 
unreasonable for one of ordinary skill to consider what would happen in the same user 
ID existed in both groups. LDAP which is notoriously well known in the art and taught 
by Friedrich, handles this occurrence through home repositories which are unique to 
each user even if the user name is common. Friedrich addresses this situation by 
maintaining the home repository of each user in conjunction with a unique identifier 
(probably the SID or some other unique attribute to the user) (0033). This solves the 
problem of common user names by creating a pointer to which server or repository that 
user belongs to. In view of this teaching, Examiner finds that claim is obvious because 
one of ordinary skill could have first recognized the potential for two users having a 
common user name and dealt with it in the means taught by Friedrich. Examiner, 
having found the claim indefinite under 35 U.S.C 112, and broadly interpreting the 
claim, finds its limitations known in the prior art. 
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Claim 50 is rejected under 35 U.S.C. 103(a) as being unpatentable over Sinclair 
in view of USP Application Publication 2005/01 14673 to Raikar et al., hereinafter Raikar 
and USP Application Publication 2001/0048025 to Shinn. 

As per claim 50, Sinclair teaches that password policies and parameters are 
maintained in a database (0025). However, Sinclair fails to elaborate that the 
parameters include a number of alphabetic characters of a user identification (ID), a 
number of numeric characters of the user ID, a data size for fingerprint authentication, a 
data size for voice print authentication. Raikar teaches using strong passwords which 
include a combination of a number of alphabetic characters of a user identification (ID), 
a number of numeric characters of the user ID (0037). Shinn teaches the use of a 
biometric template used in authenticating fingerprints and voice prints (0033). Each of 
these teaching provides a secure means to manage a network. Specifically they teach 
a way to improve the security of the system by creating strict measures to enforce user 
authentication into the system and prevent unauthorized access. Therefore the claim is 
obvious in view of these three references because one of ordinary skill could have 
easily substituted a combination of password parameters and biometric templates as 
taught by Raikar and Shinn, respectively, into Sinclair system with predictable results. 
Based on the interpretation of the claim stemming from its lack of definitiveness, 
Examiner finds the rule belonging to the each user ID references not the user ID itself 
but the password associated with the User ID. 
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Conclusion 

The prior art made of record and not relied upon is considered pertinent to applicant's 
disclosure is listed on the enclosed PTO-892 form. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to MICHAEL R. VAUGHAN whose telephone number is 
(571)270-7316. The examiner can normally be reached on Monday - Thursday, 7:30am 
- 5:00pm, EST. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Kim Vu can be reached on 571-272-3859. The fax phone number for the 
organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
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you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 



/M. R. V./ 

Examiner, Art Unit 2431 
/Syed Zia/ 

Primary Examiner, Art Unit 2431 



